- The American Healthcare Informatics Management Association (AHIMA) has released a standardized model for patient health data access requests in an effort to streamline the process, according to an organization statement emailed to journalists.
The form is reportedly first of its kind, and will set a standard across the industry for how patients can request health data access. The Patient Request for Health Information form is HIPAA-compliant and can be customized across different facilities.
AHIMA developed the form in response to an industry-wide call for a clearer and more intuitive process for patients to request access to their medical records. The organization said it’s heard from multiple industry stakeholders that this process is confusing for patients and keeps patients from utilizing their rights to their information.
The ONC released a report earlier this month on patient data access requests, also stating that this process is convoluted and bars meaningful patient engagement.
“Many patients may not understand their rights to access their personal health information including that they can request to receive information in a format of their choosing, such as on a jump drive or through email,” said AHIMA interim CEO Pamela Lane, MS, RHIA.
“There also remains some confusion by healthcare professionals regarding their responsibility to provide patients with easy access to their records,” Lane added. “Written in easy-to-understand language for all patients, this model form and explanation of use provides healthcare providers with a customizable tool that both ensures their compliance and captures patient request information in a clear, simple format.”
This form is designed exclusively for patient or designated caregiver use, AHIMA stated. HIPAA regulations maintain that this period cannot exceed 30 days, a parameter many healthcare organizations often struggle to meet. The AHIMA form will ideally shorten the wait period and help organizations meet the 30-day requirement.
AHIMA also included the following recommendations for healthcare organizations using their standardized patient data access request form:
- Organizations should edit the form based on system capabilities as well as operational needs.
- Organizations should read and understand the OCR guidance, 45 CFR 164.524(c)(3), to ensure compliance.
- Organizations are not precluded from developing their own internal policies that comply with the OCR guidance as long as they do not create barriers to patient access. For example, if a patient requests health information to be transmitted through unsecured email, the provider should comply.
- Logo, barcode, and address may be added at the organization’s discretion.
- OCR guidance and state laws should be consulted when developing an organization’s fee structure.
Ultimately, AHIMA officials hope that this form will help organization leaders understand their responsibilities in facilitating patient data access. When staff members – specifically health information managers – understand patients’ legal rights to their own medical information, it makes the data access process more efficient.
“AHIMA is committed to promoting and advocating for best practices in health information and to ensuring patients have access to trusted health information,” Lane said.
“This model form is a useful example for both large healthcare organizations and individual physicians’ practices by providing needed clarity on their obligations. Our hope is that it will help connect patients with their health information and make them more empowered healthcare consumers.”
This form comes in part as a response to the ONC’s recent statements about patient medical records requests. The agency asserted that hospitals and clinics across the country must develop and communicate clear protocol for patients requesting access to their health information.
Although patients have expanded health data access through the patient portal – a medium that is theoretically free and open for patient use – many patients with complex medical needs have difficulty aggregating all of their health information. These individuals need to request their medical information from their various providers to help coordinate care.
But the process isn’t always easy, ONC pointed out.
“Consumers don’t know their options or their rights when it comes to transferring their records,” the report explained. “For providers and practices, this comes down to making sure all their staff understand what HIPAA does and doesn’t mandate, and what their health record systems are capable of — so they can communicate clearly with their patients.”
ONC added that organizations need to create a clear patient data access protocol to meet patient needs. Ultimately, this will end in better patient engagement. Ideally, the AHIMA form will help healthcare organizations accomplish that goal.